We Keep Coding

Django dj-rest-auth (django-allauth) redirection doesn't work, however, LOGIN_REDIRECT_URL is set

I'm using Django 4.1 (Djoser doesn't work with 4.x) and dj-rest-auth (if I'm not mistaken, registration is provided by django-allauth module). What am I trying to achieve is getting new user to a profile creation page ('/api/v1/new_hero/' endpoint), right after he signs up. Without any email verification, just right into it. But for now, with all theese settings, after registration, django keeps the user on the same ('auth/registration/') page with tokens demonstration and other stuff. By the way, situation keeps similar with loginning. How am I supposed to direct the user to a target page?
settings.py:
DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'
REST_USE_JWT = True
JWT_AUTH_COOKIE = 'jwt-auth'
SITE_ID = 1
LOGIN_REDIRECT_URL = '/api/v1/new_hero/'
ACCOUNT_SIGNUP_REDIRECT_URL = '/api/v1/new_hero/'
ACCOUNT_AUTHENTICATED_LOGIN_REDIRECTS = True
ACCOUNT_EMAIL_VERIFICATION = 'none'
urls.py
urlpatterns = [
re_path(r'^docs(?P<format>\.json|\.yaml)$', schema_view.without_ui(cache_timeout=0), name='schema-json'),
re_path(r'^docs/$', schema_view.with_ui('swagger', cache_timeout=0), name='schema-swagger-ui'),
re_path(r'^redoc/$', schema_view.with_ui('redoc', cache_timeout=0), name='schema-redoc'),
path('admin/', admin.site.urls),
path('api-auth/', include('rest_framework.urls')),
path('api/v1/', include('items.urls')),
path('auth/', include('dj_rest_auth.urls')),
path('auth/registration/', include('dj_rest_auth.registration.urls')),
]
items/urls.py
urlpatterns = [
path('items/', ItemsListCreateView.as_view(), name='list_items'),
path('items/<int:pk>/', ItemDetailView.as_view(), name='update_item'),
path('heroes/', HeroListView.as_view(), name='list_heroes'),
path('new_hero/', HeroCreateView.as_view(), name='create_hero'),
path('heroes/<int:pk>/', HeroDetailView.as_view(), name='update_hero'),
path('classes/', HeroClassListCreateView.as_view(), name='list_classes'),
path('weapons/', WeaponClassListCreateView.as_view(), name='list_weapons'),
# path('reg/', Registration.as_view(), name='custom_registration'),
]
I tryied different django-allauth settings, checked correctness of INSTALLED_APPS, AUTHENTICATION_BACKENDS and other sections of settings.py, and it all end up here, with me writing a question.

Django, mozilla-django-oidc and admin

i am trying to connect Okta with a custom Django (v.3.0.2) app i am coding, using the mozilla-django-oidc library. So far the initial user authentication and account creation (using Django's user model) works, but i don't understand what i need to do to have the Django AdminSite work.
The Adminsite, before introducing mozilla-django-oidc worked as expected. I created an admin user, named "admin" and the user was able to login.
To integrate the mozilla-django-oidc library i followed the instructions here: https://mozilla-django-oidc.readthedocs.io/en/stable/installation.html. The instructions do not have any specific mention of the AdminSite.
When i access the AdminSite after the library integration, i have the following:
The AdminSite uses the default template - my assumption was that it
would also use Okta to authenticate.
The admin account "admin" that used to be able to login into the AdminSite does not work anymore
My goal is to be able to access the AdminSite. I don't mind if it will be over Okta or over the vanilla interface as long as i can access it.
Below are the relevant segments from the files (in order to integrate):
urls.py
urlpatterns = [
path('', static_site.site_index, name='site_index'),
path('admin/', admin.site.urls),
path('review/', include('review.urls')),
path('oidc/', include('mozilla_django_oidc.urls')),
]
settings.py
# OICD
AUTHENTICATION_BACKENDS = (
'mozilla_django_oidc.auth.OIDCAuthenticationBackend',
)
OIDC_RP_CLIENT_ID = 'xxxxx'
OIDC_RP_CLIENT_SECRET = 'xxxx'
OIDC_RP_SIGN_ALGO = 'RS256'
OIDC_OP_JWKS_ENDPOINT = 'https://dev-xxx.okta.com/oauth2/default/v1/keys'
OIDC_RP_SCOPES = 'openid email profile'
OIDC_OP_AUTHORIZATION_ENDPOINT = 'https://dev-xxx.okta.com/oauth2/default/v1/authorize'
OIDC_OP_TOKEN_ENDPOINT = 'https://dev-xxx.okta.com/oauth2/default/v1/token'
OIDC_OP_USER_ENDPOINT = 'https://dev-xxx.okta.com/oauth2/default/v1/userinfo'
# Provided by mozilla-django-oidc
LOGIN_URL = reverse_lazy('oidc_authentication_callback')
# App urls
LOGIN_REDIRECT_URL = reverse_lazy('review:dashboard')
LOGOUT_REDIRECT_URL = reverse_lazy('site_index')
Any ideas or pointers welcomed!

The goal was achieved by adding the default auth backend to the settings:
settings.py
AUTHENTICATION_BACKENDS = [
'django.contrib.auth.backends.ModelBackend',
'mozilla_django_oidc.auth.OIDCAuthenticationBackend',
]
I don't get Okta auth for the admin, but since i am happy just to have the admin running, i will stop here.

I've come up with a solution for using the mozilla-django-oidc login with the django admin. It's a little hacky but it's a lot less intimidating to redirect the admin login page than to override AdminSite.
In my top-level urls.py I have
class CustomLogin(View):
def get(self, request, **kwargs):
return HttpResponseRedirect(
reverse('oidc_authentication_init') + (
'?next={}'.format(request.GET['next']) if 'next' in request.GET else ''
)
)
urlpatterns = [
path('oidc/', include("mozilla_django_oidc.urls")),
path('admin/login/', CustomLogin.as_view()),
path('admin/', admin.site.urls),
# the rest of my urls...
]
If you don't care about passing the ?next= value correctly you can skip the CustomLogin class and do the following instead
urlpatterns = [
path('oidc/', include("mozilla_django_oidc.urls")),
]
# This only works if you break up urlpatterns so the reverse below can find what it needs
urlpatterns += [
path('admin/login/', RedirectView.as_view(
url=reverse('oidc_authentication_init') + ?next=/admin/,
permanent=False
)),
path('admin/', admin.site.urls),
# the rest of my urls...
]
I added ?next=/admin/ because by default once you log in you will be redirected to settings.LOGIN_REDIRECT_URL which I'm already using for something else

If you're using the default primary identifier, "email", you can create a superuser with that same email which will give SU privileges to that SSO user. So for example, if you have an SSOuser with email testuser#example.com, you can then run python manage.py createsuperuser and when prompted, set the email to testuser#example.com; the username and password don't matter since you're not actually using them for authentication (if you remove 'django.contrib.auth.backends.ModelBackend' from AUTHENTICATION_BACKENDS). I currently have this working, although I am extending the mozilla backend with the steps recommended in https://mozilla-django-oidc.readthedocs.io/en/stable/installation.html#connecting-oidc-user-identities-to-django-users to prevent users from being created on the fly.

django Incorrect authentication service "google-oauth2"

I am trying to get django-social-auth to work with google logins.
I logged into google dev console > created a project > created a new client id in credentials as a web application which gave me the id and secrete.
I then get an error when i click the link on my site to log on with google
WrongBackend at /login/google-oauth2/
Incorrect authentication service "google-oauth2"
Here is my settings in settings.py
AUTHENTICATION_BACKENDS = (
'social.backends.open_id.OpenIdAuth',
'social.backends.google.GoogleOpenId',
'social.backends.google.GoogleOAuth2',
'social.backends.google.GoogleOAuth',
'social.backends.twitter.TwitterOAuth',
'social.backends.yahoo.YahooOpenId',
'django.contrib.auth.backends.ModelBackend',
)
TEMPLATE_CONTEXT_PROCESSORS = (
'social.apps.django_app.context_processors.backends',
'social.apps.django_app.context_processors.login_redirect',
'django.contrib.auth.context_processors.auth',
)
LOGIN_URL = '/login/'
LOGIN_REDIRECT_URL = '/oauth2callback/'
LOGIN_ERROR_URL = '/login-error/'
SOCIAL_AUTH_DEFAULT_USERNAME = 'new_social_auth_user'
SOCIAL_AUTH_UID_LENGTH = 16
SOCIAL_AUTH_ASSOCIATION_HANDLE_LENGTH = 16
SOCIAL_AUTH_NONCE_SERVER_URL_LENGTH = 16
SOCIAL_AUTH_ASSOCIATION_SERVER_URL_LENGTH = 16
SOCIAL_AUTH_ASSOCIATION_HANDLE_LENGTH = 16
SOCIAL_AUTH_ENABLED_BACKENDS = 'google'
GOOGLE_OAUTH2_CLIENT_ID = 'id.apps.googleusercontent.com'
GOOGLE_OAUTH2_CLIENT_SECRET = 'client_secret'
Does anyone know why i get that message? Thanks

Based on AUTHENTICATION_BACKENDS you mentioned, it seems you use python-social-auth (not django-social-auth) which has another syntax of key and secrect declaration.
references: python-social-auth documentation
SOCIAL_AUTH_GOOGLE_OAUTH2_KEY = 'id.apps.googleusercontent.com'
SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET = 'client_secret'

Django OAuth2 Error: invalid_client and client_id=None when client_id has been provided

I am using django-social-auth for google apps authentication for my django project. I obtained the client id and secret key from Google api console for my domain. And plugged in the values in my app as follows:
**settings.py**
MIDDLEWARE_CLASSES = (
'social_auth.middleware.SocialAuthExceptionMiddleware',
)
LOGIN_URL = '/login/google-oauth2/'
LOGIN_REDIRECT_URL = '/profile'
LOGIN_ERROR_URL = '/login-error/'
AUTHENTICATION_BACKENDS = (
'social_auth.backends.google.GoogleOAuth2Backend',
'django.contrib.auth.backends.ModelBackend',
)
TEMPLATE_CONTEXT_PROCESSORS = (
"django.contrib.auth.context_processors.auth",
"social_auth.context_processors.social_auth_by_type_backends",
)
SOCIAL_AUTH_ENABLED_BACKENDS = ('google',)
SOCIAL_AUTH_DEFAULT_USERNAME = 'new_social_auth_user'
GOOGLE_OAUTH2_CLIENT_ID = '***.apps.googleusercontent.com'
GOOGLE_OAUTH2_CLIENT_SECRET = '****'
GOOGLE_WHITE_LISTED_DOMAINS = ['127.0.0.1:8000']
SOCIAL_AUTH_COMPLETE_URL_NAME = 'socialauth_complete'
SOCIAL_AUTH_ASSOCIATE_URL_NAME = 'socialauth_associate_complete'
SOCIAL_AUTH_RAISE_EXCEPTIONS = False
SOCIAL_AUTH_PROCESS_EXCEPTIONS = 'social_auth.utils.log_exceptions_to_messages'
INSTALLED_APPS = (
'social_auth', )
...
**urls.py**
from django.conf.urls import patterns, include, url
from django.contrib import admin
from django.views.generic import TemplateView
from django.contrib.auth.views import logout
admin.autodiscover()
urlpatterns = patterns('',
url(r'^admin/', include(admin.site.urls)),
url(r'', include('social_auth.urls')),
url(r'^$', TemplateView.as_view(template_name="login.html")),
url(r'^logout/$', logout, {'next_page': '/'}, name='gauth_logout'),
url(r'^profile/$', TemplateView.as_view(template_name="profile.html")),
)
...
**login.html**
<p>Use your work email credentials to sign in to this application:
Sign In
</p>
The problem is that when I click on sign in I am redirected to the Error: Invalid_client page with the details:
Request Details
cookie_policy_enforce=false
scope=https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile
response_type=code
redirect_uri=http://127.0.0.1:8000/complete/google-oauth2/
state=WZWyJgDRfeW4RneRynqSZ3nSy0Bzs0v6
client_id=None
https://accounts.google.com/o/oauth2/auth?scope=https://www.googleapis.com/auth/userinfo.email+https://www.googleapis.com/auth/userinfo.profile&state=WZWyJgDRfeW4RneRynqSZ3nSy0Bzs0v6&redirect_uri=http://127.0.0.1:8000/complete/google-oauth2/&response_type=code&client_id=None
Even though I have provided the correct client_id in my project, the page (and as can be seen from the url) says that it has not been provided. If I plug it manually in the url, I am redirected to the permissions page though.
Also when I accept the permissions I get an AuthCanceled at /complete/google-oauth2/ error. Is it that my project is not reading the social_auth settings correctly?
Any help would be appreciated. Thanks.

i was having the same problem just change
GOOGLE_OAUTH2_CLIENT_ID = '***.apps.googleusercontent.com'
GOOGLE_OAUTH2_CLIENT_SECRET = '****'
To
SOCIAL_AUTH_GOOGLE_OAUTH2_KEY = '****.apps.googleusercontent.com'
SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET ='****'
in the settings.py file

django-social-auth error in connecting with Facebook

I have problem in connecting with Facebook backend of django-social-auth. I have created a Facebook app and in my project setting, I have provided its settings:
INSTALLED_APPS = (
...
'social_auth'
)
AUTHENTICATION_BACKENDS = [
"account.auth_backends.AuthenticationBackend",
'social_auth.backends.facebook.FacebookBackend',
'django.contrib.auth.backends.ModelBackend',
]
LOGIN_URL = "/"
LOGIN_REDIRECT_URLNAME = "home"
LOGOUT_URL = "/"
urlpatterns = patterns('',
...
url(r'', include('social_auth.urls')),
...
)
TEMPLATE_CONTEXT_PROCESSORS = (
...
'social_auth.context_processors.social_auth_by_type_backends',
)
SOCIAL_AUTH_EXPIRATION = 'expires'
FACEBOOK_APP_ID = '***************'
FACEBOOK_API_SECRET = '**************'
FACEBOOK_EXTENDED_PERMISSIONS = ['email', 'user_birthday', 'user_photos']
In 'Site Url' of my app on Facebook I have provided IP of my PC. Now when I connect with Facebook through my IP with my own account then it works fine. But when I try to connect with some other Facebook account then it give the error on permissions page:
"Sorry, something went wrong.We're working on getting this fixed as soon as we can."
Can someone has any idea?

In Facebook each app has certain permissions for Facebook Users, you are the lead developer, you can add testers and what not, Its on the app configuration interface.

For Facebook backend of django-social-auth to work properly then runserver on your IP instead of running on localhost.